android_kernel_samsung_msm8976/drivers/gpu
Rajesh Kemisetti eed7bf427c msm: kgsl: Fix race condition between cmdbatch and context destroy
kgsl_cmdbatch_destroy() tries to cancel all pending sync events
by taking a local copy of the pending list. In case of a sync point timestamp
event, it goes ahead and accesses the context's events list assuming that
the event's context would be alive.

But at the same time, the other context, which is of interest for
these sync point events, can be destroyed by cancelling all
events in its group.

This leads to a use-after-free in the kgsl_cmdbatch_destroy() path.

The fix is to give the responsibility of putting the context's ref count
to the thread which clears the pending mask.

Change-Id: I8d08ef6ddb38ca917f75088071c04727bced11d2
Signed-off-by: Rajesh Kemisetti <rajeshk@codeaurora.org>
Signed-off-by: Archana Sriram <apsrir@codeaurora.org>
2019-10-27 19:33:27 +01:00
..
drm
host1x
msm msm: kgsl: Fix race condition between cmdbatch and context destroy 2019-10-27 19:33:27 +01:00
vga
Makefile